Posts

I run multiple Caddy instances across separate networks, all using a shared oauth2-proxy for authentication. The setup worked fine when Caddy and oauth2-proxy were on the same network. When I moved some services to a different network and had Caddy call oauth2-proxy over its public HTTPS endpoint, group-based authorization broke silently. Users could log in. The cookie was valid. But every request failed with “Access denied: No group membership found.” ...

I wanted to spin up a VPS this evening. My provider, Binary Lane, has a password-based login with SMS 2FA. My phone was already off and across the house. The friction was enough that I didn’t bother. Instead, I started thinking about passkeys — and how much smoother that login could be. Binary Lane is a solid Australian VPS provider. Good pricing, a Brisbane datacenter, no-nonsense approach. I’ve used them for business customers for a while. But their auth is dated. Passkeys have been a viable standard since 2022. Apple, Google, and Microsoft are all pushing them. And yet most infrastructure providers — who probably should have been early adopters — are still on passwords. ...

How I turned a misconfigured relay into a curated community resource using a simple web of trust model. The Problem with Open Relays I’ve been running a Nostr relay (strfry) for a while. The intent was “community benefit” - a public good for the network. In practice, it was a mess. The relay was configured to sync from other public relays (nos.lol, soloco.nl) and accept pretty much everything. The result: ...

How a straightforward documentation task turned into an afternoon of OIDC workarounds and learning more about NetBox’s CSV parser than I ever wanted to. We have about 40 machines. A Proxmox cluster, a mix of LXCs and VMs, some VPSes across different providers, and two Tailscale networks—one legacy, one we’re migrating to. It’s not a huge environment, but it’s complex enough that “it’s all in my head” stopped being acceptable when compliance requirements entered the picture. ...

A follow-up on the market-based rebalancing experiment. This time, we’re not holding back. Previously In my last post, I set up an automated fee policy using charge-lnd to let market forces rebalance my Lightning channels. The approach was conservative: -300 ppm inbound discounts for depleted channels, 25 ppm for heavy ones. Early results were promising - bidirectional flow, 43 forwards in 48 hours, channels starting to move in the right direction. ...

A friend of mine, Aaron, is an experienced and popular personal trainer. He needed a way for clients to book sessions online and automatically receive a health screening form before their first appointment. Instead of paying for expensive SaaS subscriptions, we built the whole thing with self-hosted, open-source tools. The Problem When a new client wants to book a PT session, Aaron needs them to: Pick a time that works with his schedule Complete a health screening questionnaire and waiver Have that form signed by both parties before the first session Doing this manually means chasing emails, sending PDFs, and hoping people complete paperwork before they show up. We wanted it automated. ...

An experiment in using negative inbound fees and automated fee management to let routing incentives do the work. The Setup I run a small Lightning node with three channels, each around 5M sats capacity. Like many node operators, I found myself with imbalanced channels - some nearly depleted, others stuffed with liquidity. The conventional wisdom says to use circular rebalancing or paid rebalancing services. I wanted to try something different: let the market fix it. ...

Most push/pull routines pair exercises by category: horizontal push with horizontal pull, vertical push with vertical pull. But this misses something important—how you actually move under load. The Problem with Textbook Pairings Take the dip. It’s usually classified as a vertical press. But nobody does a dip bolt upright. You lean forward. That shifts the force vector from straight down to something more like a steep decline press—down and forward. ...

I’ve tried various blogging setups over the years. This time I wanted something that felt right: write in a tool I enjoy, publish with a simple command, and keep everything under my control. Here’s what I landed on. The Stack Writing: Obsidian Static site generator: Hugo with the PaperMod theme Hosting: Self-hosted on my home server via Caddy Deployment: GitHub webhook triggers automatic rebuilds Why This Approach? Write Where It’s Comfortable I already use Obsidian for notes. Opening a separate app or web interface to write blog posts creates friction. By opening my Hugo site as an Obsidian vault, I write posts in the same environment as everything else. ...